A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
Recent economic troubles might have something to do with the fact that many organizations today seek to establish only the bare minimum level of security. To be more precise, they try to do what they think is the bare minimum. In fact, their belief that security “due diligence” can be reduced to the level prescribed by regulations such as the Payment Card Industry Data Security Standard (PCI DSS) is more common than ever. Unfortunately, the results of this flawed thinking include security breaches and other damaging events.This trend toward establishing the minimum required level of security has affected many security safeguards, including Security Information and Event Management (SIEM) and log management. Most organizations simply deploy these technologies to place a check in the compliance check box. In this paper we will take a look at this disturbing trend and provide useful guidance for maximizing the value of SIEM and log management tools, while focusing on protecting systems and data not on simply checking the compliance check box.
To summarize, SIEM focuses on security while log management focuses on broad use of log data. More specifically, SIEM tools include correlation and other real-time analysis functionality, which is useful for real-time monitoring. In comparison, log tools often focus on advanced search across all log data. Today, select tools combine select capabilities of SIEM and log management in a single product or product suite. Read on to learn more about SIEM and log management.